TeCHemically

RNDIS driver fails to install Windows 7


My bashbunny does not show a device in Win7 and the devmgr shows under "other devices" an "RNDIS" entry with the yellow exclamation symbol indicating driver failure. Trying to point it to the bunny as suggested for the similar problem for CDC Serial driver issues does not help. I followed the steps here as far as I could: http://wiki.bashbunny.com/?_escaped_fragment_=././index.md%23Sharing_an_Internet_Connection_with_the_Bash_Bunny_from_Windows#!././index.md%23Sharing_an_Internet_Connection_with_the_Bash_Bunny_from_Windows

 

I've not had any success installing tools, connecting to internet, or anything else so far. It's been a pretty big let down for a first day. Any guidance is appreciated!


When the ATTACKMODE is set as STORAGE RNDIS_ETHERNET

Windows will recognize it as a composite device.

Try setting it to RNDIS_ETHERNET and it will work. Device installs with an IBM Corporation RNDIS driver.

Darren Kitchen already posted something about this, search the forum for it. (I'm currently on mobile, sorry)


Hey @TeCHemically

What switch did you have it set to? Try what @WatskeBart said and set one of the payloads to RNDIS_ETHERNET. You should be able to do this from arming mode or over serial. I haven't played with my bunny much yet so can't give you guidance on the internet sharing. This should give you a good start.


As a follow up you should be able to follow my instructions over here until step 4: 

Once you hit step 4, select 'Let me pick from a list of device drivers on my computer'. Scroll down and select `Microsoft Corporation`, select `Remote NDIS Compatible Device`, click Next, click Yes.


I would read the following wiki, http://wiki.bashbunny.com/#!index.md, and watch the video Hak5 had prepared... it sounds like some steps are being skipped. Follow the others' advice by removing STORAGE from the default switch 2 position in the payload. @Darren Kitchen, thoughts on removing this from installs/github due to the worries/confusion? From here you can use the wiki to help you get the bunny online and updated. Next, flip the switch back to position 3, take the files in tools_installer and paste them into the switch one folder and let it run; note the code will probably find the files in the library folder first. Now your bash bunny should be ready to run all the other payloads at the time of writing.


When plugging a bash bunny into a Windows 7 SP1 box - the device shows up as "IBM USB Remote NDIS Network Device" - however it does not collect creds (keeps blinking green) until the user clicks 'ok' to the new device being installed. Once 'ok' is clicked, and the device is removed and reinserted, the creds are quickly collected (LED goes solid green). Obviously this isn't very stealthy. Is there a way of getting it to work without the user having to click 'ok'? Is this normal btw?

Apologies if this has been covered already.


Your issue may be similar to the issue I was having with my dual attack modes that Seb resolved with the 1.3 update.

1.3 implements the ability to change the speed the BB reports as to the host machine. In your ATTACKMODE line, after the other 2 parameters, add "RNDIS_SPEED_10000" and then see what happens when you plug in. The issue I was experiencing in 1.2 was when I used HID RNDIS_ETHERNET, drivers could not install for the HID because when the ethernet comes online, Windows used the BB instead of its internet capable device. This is because by default the BB reports as 2GB. The speed line above has it report as a 10Mb ethernet. Why is this an issue? Windows 7 and 10 will use Windows Update to look for drivers it does not have.

Note: I notice on some machines this can delay your attack by sometimes up to a couple of minutes and limits your surface to machines that are online.
